The current registration of admission plug-ins happen too late so the
command line help is not yielding correct/useful information to users.
This is already causing confusion as mentioned in some issues.
This patch fixes it by moving plugins.go down to options package because
"plugins" in this context are themselves options for users. Registration
of plugins is not an expensive operation and it is already done in most
execution paths.
In future, we may want to revisit these plugins and migrate them to the
shared apiserver repo when appropriate.
Automatic merge from submit-queue
Change API version of statefulset scale subresource e2e test to v1beta2
**What this PR does / why we need it**:
This PR changes API version of statefulset scale subresource e2e test from `v1beta1` to `v1beta2`.
`apps/v1beta2` has been enabled.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: xref #50109
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50536, 50809, 50220, 50399, 50176)
Set ExecSync timeout in liveness prober.
Although Dockershim doesn't actually support `ExecSync` timeout (see [here](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/dockershim/exec.go#L137)), we should set the timeout, so that the other runtime which supports the timeout could work properly.
Fixes#50389.
/cc @yujuhong @timstclair @feiskyer
Automatic merge from submit-queue (batch tested with PRs 50536, 50809, 50220, 50399, 50176)
Make admission plugin handle mutating spec of uninitialized pods
Address https://github.com/kubernetes/kubernetes/issues/47837#issuecomment-321323243.
Updated to handle mutating pod spec of uninitialized pods:
* InitialResources
* PodNodeSelector
* PodTolerationRestriction
* ServiceAccount
Doesn't change:
* NodeRestriction: this plugin only cares about the mirror pods created by nodes, and mirror pods are exempted from initializers, so no modification required
* PersistentVolumeLabel, DefaultStorageClass: It only cares about PersistentVolume. We can revisit when we relax its validation.
* InitialResource: deprecated according to https://github.com/kubernetes/kubernetes/issues/47837#issuecomment-321388879
Automatic merge from submit-queue (batch tested with PRs 50536, 50809, 50220, 50399, 50176)
Refactor statefulset test with sets.String
**What this PR does / why we need it**:
Delete redundant sort. These string slices only own one element.
There is no necessary to sort them.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50536, 50809, 50220, 50399, 50176)
mark created-by annotation as deprecated
**What this PR does / why we need it**: This PR marks created-by annotation as deprecated in code comments.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: xref #44407
**Special notes for your reviewer**:
**Release note**:
```release-note
The `kubernetes.io/created-by` annotation is now deprecated and will be removed in v1.9. Use [ControllerRef](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/controller-ref.md) instead to determine which controller, if any, owns an object.
```
Automatic merge from submit-queue (batch tested with PRs 50281, 50747, 50347, 50834, 50852)
fix incorrect logic in admission register
**What this PR does / why we need it**:
There is no issue for this PR, just fix incorrect logic in invocation `func (ps *Plugins) Register(name string, plugin Factory) ` after browsing the code accidentally. And apparently, the logic exits potential panic.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
no issue
**Special notes for your reviewer**:
none
**Release note**:
none
Automatic merge from submit-queue (batch tested with PRs 50281, 50747, 50347, 50834, 50852)
fix kubectl issue(#52)kubectl run --expose continues after error (mis…
…sing port)
**What this PR does / why we need it**:
https://github.com/kubernetes/kubectl/issues/52
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50281, 50747, 50347, 50834, 50852)
Add e2e aggregator test.
What this PR does / why we need it:
This adds an e2e test for aggregation based on the sample-apiserver.
Currently is uses a sample-apiserver built as of 1.7.
This should ensure that the aggregation system works end-to-end.
It will also help detect if we break "old" extension api servers.
Which issue this PR fixes (optional, in fixes #<issue number>(, fixes
fixes#43714
**Special notes for your reviewer**:
**Release note**: NONE
Automatic merge from submit-queue (batch tested with PRs 50281, 50747, 50347, 50834, 50852)
[proxy] Move IsLocalIP() and ShouldSkipService() to pkg/proxy/util
**What this PR does / why we need it**:
Move function `IsLocalIP()` and `ShouldSkipService()` to pkg/proxy/util package so that they can be consumed among different proxiers.
Besides, add some UTs for `ShouldSkipService()`.
**Which issue this PR fixes**: fixes#50744
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Mark volume as detached when node does not exist for vsphere
If node does not exist, node's volumes will be detached
automatically and become available. So mark them detached and
return false without error.
Fix#50266
**Special notes for your reviewer**:
/assign @jingxu97
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Updates Kubeadm Master Endpoint for IPv6
**What this PR does / why we need it**:
Previously, kubeadm would use ip:port to construct a master
endpoint. This works fine for IPv4 addresses, but not for IPv6.
Per [RFC 3986](https://www.ietf.org/rfc/rfc3986.txt), IPv6 requires the ip to be encased in brackets
when being joined to a port with a colon.
This patch updates kubeadm to support wrapping a v6 address with
[] to form the master endpoint url. Since this functionality is
needed in multiple areas, a dedicated util function was created
for this purpose.
**Which issue this PR fixes**
Fixes Issue https://github.com/kubernetes/kubeadm/issues/334
**Special notes for your reviewer**:
As part of a bigger effort to add IPv6 support to Kubernetes:
Issue #1443
Issue #47666
**Release note**:
```NONE
```
/area kubeadm
/area ipv6
/sig network
/sig cluster-ops
Automatic merge from submit-queue
fix issue(#49883) Add selector example
**What this PR does / why we need it**:
fixes#49883
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50563, 50698, 50796)
Disable Docker's health check until we officially support it
Ref: https://github.com/kubernetes/kubernetes/issues/50703
Tested locally.
Without this PR:
```
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
afdd796ddddc gcr.io/ygg-gke-dev/nginx-healthcheck "nginx -g 'daemon ..." 5 minutes ago Up 5 minutes (healthy) k8s_test-container_test-pod_default_8a1ad225-82bf-11e7-becb-480fcf514648_0
```
With this PR:
```
e3fb2437555f gcr.io/ygg-gke-dev/nginx-healthcheck "nginx -g 'daemon ..." 10 seconds ago Up 9 seconds k8s_test-container_test-pod_default_de82e83c-82c0-11e7-b3fc-480fcf514648_0
```
**Release note**:
```
Disable Docker's health check until we officially support it.
```
/assign @yujuhong
/assign @dchen1107
Automatic merge from submit-queue (batch tested with PRs 50563, 50698, 50796)
Add ControllerRevision to apps/v1beta2
**What this PR does / why we need it**:
This PR added `ControllerRevision` currently in `apps/v1beta1` to `apps/v1beta2`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50696.
**Special notes for your reviewer**:
@kow3ns @janetkuo
**Release note**:
```release-note
Add ControllerRevision to apps/v1beta2
```
Automatic merge from submit-queue (batch tested with PRs 50563, 50698, 50796)
Creates /var/lib/kubelet as root
**What this PR does / why we need it**: `hack/local-cluster-up.sh` does not currently use sudo to create `/var/lib/kubelet`, so it fails unless the entire script is run with sudo.
**Release note**:
```release-note
NONE
```
Previously, kubeadm would use <ip>:<port> to construct a master
endpoint. This works fine for IPv4 addresses, but not for IPv6.
IPv6 requires the ip to be encased in brackets when being joined
to a port with a colon.
This patch updates kubeadm to support wrapping a v6 address with
[] to form the master endpoint url. Since this functionality is
needed in multiple areas, a dedicated util function was created.
Fixes: https://github.com/kubernetes/kubernetes/issues/48227
Automatic merge from submit-queue
Small improvement in ban flunder admission plugin.
**What this PR does / why we need it**:
After the changes a name will be taken directly from meta field.
Previously a name was taken via attributes.GetName() method,
which in turns derived a name from a URL address.
This didn't work as we don't allow to pass a name when POSTing a resource.
#47868
**Release note**:
```
NONE
```
What this PR does / why we need it:
This adds an e2e test for aggregation based on the sample-apiserver.
Currently is uses a sample-apiserver built as of 1.7.
This should ensure that the aggregation system works end-to-end.
It will also help detect if we break "old" extension api servers.
Which issue this PR fixes (optional, in fixes #<issue number>(, fixes
fixes#43714
Fixed bazel for the change.
Fixed # of args issue from govet.
Added code to test dynamic.Client.
Copy of previous newrelic example, then modified to use the new agent
"newrelic-infra" instead of "nrsysmond".
Also maps all of host node's root fs into /host in the container (ro,
but still exposes underlying node info into a container).
Updates to README
Automatic merge from submit-queue
kubeadm: Fix self-hosting race condition
**What this PR does / why we need it**:
Splitted out from: https://github.com/kubernetes/kubernetes/pull/50766
Waits for the Static Pod to be deleted before proceeding with checking the API health.
Otherwise there is a race condition where we're checking the health on the static pod API server; not the self-hosted one that we expect.
Also improves the logging output and adds reasonable timeouts for the process
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
Dependency for
- https://github.com/kubernetes/kubernetes/pull/50766
- https://github.com/kubernetes/kubernetes/pull/50631
- https://github.com/kubernetes/kubernetes/pull/48899
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
After the changes a name will be also taken directly from meta field.
Previously a name was taken only via attributes.GetName() method,
which in turns derived a name from a URL address.
This didn't work as we don't allow to pass a name when POSTing a resource.
Automatic merge from submit-queue
Migrate sig-apimachinery and sig-servicecatalog e2e tests
**What this PR does / why we need it**:
Migrate sig-apimachinery and sig-servicecatalog e2e tests
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Ref Umbrella issue #49161
1. Move generated_clientset.go to sig-apimachinary
2. Move podpreset.go to sig-servicecatalog by creating new directory.
**Special notes for your reviewer**:
**Release note**:
none
/cc @liggitt
Automatic merge from submit-queue
remove unused function in openstack cloud provider
**What this PR does / why we need it**:
List function not used in openstack cloud provider, and useless, I think need remove it.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50550, 50768)
Don't SSH to master for metrics in case of GKE
cc @kubernetes/sig-scalability-misc @crassirostris
Automatic merge from submit-queue (batch tested with PRs 50550, 50768)
Cleanup locking in configz
**What this PR does / why we need it**:
- Reduce scope of lock in `write()` method
- Use the read lock in `write()` method
**Release note**:
```release-note
NONE
```
/kind cleanup
@mikedanese
p.s. looks like the `Set()` method could be removed if the value is accepted as an argument to `New()`. I.e. looks like to code re-sets the value.
Automatic merge from submit-queue (batch tested with PRs 49869, 47987, 50211, 50804, 50583)
Make endpoints controller update based on semantic equality
Fixes#50828
Split from https://github.com/kubernetes/kubernetes/pull/45294 for separate review
Currently, endpoints objects containing no subsets are decoded by the go client as subsets:[] (when requested individually) or as subsets:null (when requested in a list of endpoints).
Because the endpoints controller is fed via a lister/watcher, it gets the `subsets:null` version fed to it. The subsets computation then returns an empty slice, which fails reflect.DeepEqual, which triggers a write attempt.
This PR makes the comparison use semantic.DeepEqual to avoid spurious writes.
https://github.com/kubernetes/kubernetes/pull/45294 would remove the inconsistency between lists and individual gets.
Di Xu